It's about time financial institutions act on this :D

Received mention of this in email today... It's good to hear that after several problems, the companies in question are taking steps to secure the financial records of their customers. This does leave people's accounts (who might have been on those lost backup tapes) in question though...

I do wonder why a smaller percentage of financial service companies take steps to protect their data backup tapes before shipping them via UPS or whatever, then do business in general :suprised:

Data losses push businesses to encrypt backup tapes
By Jon Swartz, USA TODAY
SAN FRANCISCO — The loss of personal data of millions of consumers is prompting companies to embrace security technology they have neglected.
Citigroup's CitiFinancial division, Time Warner and Bank of America, stung by misplaced data of nearly 6 million people, are rushing to protect computer backup tapes with data-scrambling encryption technology. Hundreds of companies are making the move, security experts say.

Now, only 6% of financial-service companies and 7% of businesses encrypt all their backup tapes, says a report from the Enterprise Strategy Group, a storage market research firm.

No specific financial losses have been reported in the rash of lost data. But cybercrooks covet stolen IDs, which they convert to cash through theft, reshipping and money-laundering schemes, according to computer-security experts, law enforcement and legislators.

"Banks are already encrypting customer information for online banking, so what's stopping them from encrypting that same information when it is being transported?" says Rep. Ed Markey, D-Mass. He intends to ask the Federal Trade Commission, Securities and Exchange Commission and others whether they have the authority to require financial institutions to encrypt all data.

Most businesses copy computer data on backup tapes for storage with third-party vendors in the event of a disaster. Few encrypt it, because doing so is costly and technically challenging, says John Pironti, a security consultant at tech services company Unisys. But fallout from security breaches has companies acting:

• CitiFinancial, which blamed UPS for losing data tapes with personal data for 3.9 million people last week, intends to start encrypting backup data in July.

• Bank of America is eliminating backup tapes where possible, and transitioning to computer-to-computer data transfer, spokeswoman Betty Riess says. Since the third quarter of last year, all of BofA's data exchanges with credit bureaus have been encrypted. The bank, which lost data tapes for 1.2 million federal employees — including U.S. senators — in February, is testing encryption on backup tapes, Riess says.

• Shortly after it lost track of Social Security numbers and other data for 600,000 current and former U.S. employees in May, Time Warner decided to begin encrypting backup tapes, says spokeswoman Kathy McKiernan.

No law mandates financial institutions encrypt data, but Markey and others say a passage in the Gramm-Leach-Bliley Act requiring "technical" safeguards applies.